16 July 2018

My Health Record: a health care choice for all Australians

OVER the next 3 months, people around Australia are being offered an important choice about how they want to interact with their own health information. By the end of 2018, all Australians will have a My Health Record created for them, unless they choose not to have one.

Their decision will be just that: one for them to make after considering the benefits of having immediate online access to their own data about their health and care, and being able to have their clinicians see that information too. They will have access to information such as their medicines and allergies, hospital and GP summaries, investigation reports and advance care plans — this could save their life in an emergency and help their clinicians find vital information more quickly so that they can make safer health care decisions. This information will empower them as they carry their health care history with them in their pockets, on their mobile phones.

Australians will make their choice in the context of our digital world, where the privacy and security of personal information is paramount. In other parts of our lives, we have already made the digital transition. The health sector has been naturally cautious in its adoption of online technologies, awaiting the availability of systems that can adequately ensure the privacy and security of our health information.

Trusted health care providers – GPs, specialists, pharmacists and others – are likely to find that their patients will want to talk to them about their decision. The My Health Record system is here to support better, safer care, but it’s not here to replace our current systems for clinical record keeping and professional communication. Neither will it somehow replace the patient–doctor relationship and our clinical judgement. It’s simply a secure online repository of health data and information that we wouldn’t have had access to otherwise. The data flow from securely connected clinical information systems in hospitals, general practices, pharmacies, specialists’ rooms, and pathology and radiology providers. It also provides access to Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) data, the Australian Immunisation register and the Australian Organ Donor registry.

People will want to be assured that the Australian Digital Health Agency – the operator of the My Health Record system – holds the privacy and security of their health information as its first priority. The security of the system has not been breached in its 6 years of operation. There is no complacency however – My Health Record system security operates to the highest standards, working with other leading security operations such as the Australian Cyber Security Centre. It undergoes constant surveillance and threat testing, protecting the health data of the 5.9 million Australians who have already opted in and chosen to have a My Health Record today.

The legislated privacy controls that My Health Record offers people are world-leading and easily accessed on the consumer portal. They include features such as a record access control, which is similar to a PIN that a person can apply to their entire record so that it can’t be viewed unless they share it with their clinician. In an emergency, the legislation allows a clinician to “break glass” and see vital medicines and allergy information; however, all instances of this are audited and people can choose to receive a text or email to let them know in the event that this happens.

There are many other privacy features. People can turn off Medicare data flows such as PBS and MBS information, and they can see a complete audit history of anyone who has ever interacted with their record in real time. They can pick and choose which information they’d like to keep entirely private with a limited document access control, which is an additional PIN that they can apply to specific documents. They can block health care provider organisations from viewing their record, and effectively delete documents in their record completely. They can enable an alert so that they receive a text message or email if a new health care provider organisation views their record for the first time.

The steps required for a health care practitioner to view the My Health Record are robust and require a number of security authentications to take place. For a provider to access the My Health Record via their clinical information system, they must be a registered health care provider – for example, registered with the Australian Health Practitioner Regulation Agency. They must also have a valid provider identifier. They must work within an organisation that has a valid organisational identifier. They must have conformant software that has a secure and encrypted connection to the My Health Record system. In addition, the patient must have a record on the provider’s clinical information system as a patient of the practice. Following this, the conformant system must use five pieces of information to validate the patient. Only then can the clinician see whether the patient has a My Health Record and the clinician’s access will depend on their patient’s individual privacy settings.

We also know that a staggering 230 000 hospital admissions occur every year as a result of medication misadventure, costing the Australian taxpayer $1.2 billion annually. Many of these admissions could be avoided if people and their clinicians had better access to vital medicines and allergy information.

The “Medicines View” is a recent addition to My Health Record that has been applauded by clinicians using My Health Record. It provides a consolidated summary of the most recent medicines information from notes entered by GPs, hospitals, pharmacies and consumers, allowing previously siloed medicines information to be brought together into a single view.

In addition to improvements in the features of My Health Record for people and clinicians, over the past 12 months, the system has undergone a significant transformation in terms of the richness of its clinical content. We have now seen the connection of public and private pathology and imaging providers, and a vast increase in connected pharmacy systems as well as hospitals around the country. The addition of this valuable clinical content will accelerate the realisation of benefits as clinicians find that they now have access to a more comprehensive source of information within the My Health Record system.

This week, a national communication plan has been launched to ensure Australians are well informed when making their decision about whether or not they would like a My Health Record. Our peak clinical and consumer bodies including the Australian Medical Association (AMA), the Royal Australian College of General Practitioners, the Pharmaceutical Society of Australia (PSA), the Pharmacy Guild and the Consumers Health Forum are among numerous organisations who have given their public support to the system and its benefits. Former AMA President Dr Michael Gannon described the system as “the future of medicine”. Guidelines on the use of My Health Record from the PSA have recently been published and the AMA will be releasing its revised guidelines in the coming weeks.

Our role as health care providers is to be our patients’ advocate, to support them in making the decisions and choices that will lead to better health outcomes and ensure that they have access to safe and effective care. My Health Record isn’t here to solve all of our problems, but it is an important step forward in our ability to deliver a safer and better connected health care system.

My Health Record: staying in or opting out?

21 thoughts on “My Health Record: a health care choice for all Australians”

My Health Record is ridiculous and does not make any sense. Patients can tamper with their own records and that will make the Doctors clinical judgement more confusing. NHS in UK has already rejected this and I don’t know why we are trying it here. Waste of Govt. funds

Do I trust the government to secure my health information and protect my privacy? Yes. Do I trust health care providers to secure my health information and protect my privacy? Mostly yes. Do I trust myself to engage with My Health Record at the level needed to manage my health health information and protect my privacy? No, and that’s why I have opted-out of My Health Record. Excluding everyone is the only way I can be confident of personally managing who has access to which aspects of my health information.

When I started reading I wondered why the article was ONLY positive – when I came to the end and realised WHO wrote the article it became more obvious. There is NO mentioning of the issues which have NOT been solved – who is legally responsible, who pays the poor GP to spend MORE time on paper, well in this case – data work and not on patient care, who protects the GP as the curator from legal action and how do we explain to the patient, sorry, we THOUGHT it was safe but now your very personal data is in hands from Hackers, blackmailers – and the police, who THOUGHT they might prevent a crime by looking at your medical records. The idea is still great and potentially could save many lives – but not in the current form. The only reason there is not more outcry from GPs is not that they agree with the e health record – they are just too busy looking after patients to have the time and energy to fight another red tape. The college has failed so far to protect GPs from the unanswered questions mentioned above ( and there are more ). It would be very interesting how many doctors will opt OUT – that will tell the real story.

Our regular monthly medical meetings has illuminated important topics this year. The last meeting on the federal government ordained electronic medical record – My Health Record – was no exception. Despite good intentions, this initiative has many ‘doubting Thomases’ – and with good reason. Not all doctors are convinced that the contents of each patient’s electronic medical record will be that useful clinically. Many are suspicious of the government’s intent of using the data obtained for non-clinical purposes. Some doctors are not convinced that the security of the system can be really protected against determined cyber criminals. And both GPs and specialists are underwhelmed by the financial incentives for doctors especially in the private sector to spend the time and energy on summarising patient information, loading up the data and maintaining or curating it on the system. Despite a passionate defence of the My Health Record by our invited speakers I wonder how many of the audience were convinced? It will be interesting to see how many of our medical colleagues decide to ‘opt out’ of My Health Record during the three-month ‘opt out’ period starting this month.

So who is going to have time to do this – already we are drowning in systems and trying to access information – this is ridiculous – more time where we cannot actually talk to and work with our patients….

The steps required for a health care practitioner to view the My Health Record are robust and require a number of security authentications to take place. For a provider to access the My Health Record via their clinical information system, they must be a registered health care provider – for example, registered with the Australian Health Practitioner Regulation Agency. They must also have a valid provider identifier. They must work within an organisation that has a valid organisational identifier. They must have conformant software that has a secure and encrypted connection to the My Health Record system. In addition, the patient must have a record on the provider’s clinical information system as a patient of the practice. Following this, the conformant system must use five pieces of information to validate the patient. Only then can the clinician see whether the patient has a My Health Record and the clinician’s access will depend on their patient’s individual privacy settings

There was a not dissimilar system (JEDHI) introduced into the Defence Forces Medical records some years ago. When a practitioner came to use it, they were confronted with a plethora of pages, recording every test, examination, investigations etc., that the Serviceman had ever had—literally a library of concerns in some cases, if you ever had the skills to navigate it (which i never had , as i was a Luddite !).
The same system had been used in England, but was found to be a failure, so they SOLD it to the ADF for something in the region of $3 million dollars (original quote was 1.5 million !) and dispensed with the system entirely.
It was meant to prevent the Servicepeople from carrying their records to all their new postings.
It is a complete and utter abhorrence, and does nothing to promote the health and welfare of the patients, except in exceptional cases, who probably shouldn’t be in the Services anyway, because of their afflictions. Such patients should be treated elsewhere, and not clog the ADF, which is an organisation for healthy, active people.

I am concerned by Dr Makeham’s statement that people “can see a complete audit history of anyone who has ever interacted with their record”. The word “anyone” suggests an individual. My Health Record’s access-logging system does not track the individual accessing a record, rather the health provider organisation. So if you see that your GP practice has accessed your record, there is no way of knowing whether it was your GP who accessed it or your nosey next-door neighbour who happens to be the practice receptionist. Just another example of the unfounded reassurances we are being given about so many aspects of this system.

So many faults & unresolved problems that are potentially harmful that this is a no-brainer! I will opt out personally & professionally. The crime is the huge waste of taxes squandered on this which could be much better spent on real health care.

So many reasons to opt out at every level …. but not even mentioned in the article.
Such bias undermines the entire project – if a writer cannot be balanced in promoting their ‘baby’, then neither can we trust them with it.

Too much information is the problem with the EMR system I work within, too difficult to learn how to filter it, and the desired filters are commonly unavailable or laborious.
As many have said, if the person concerned can filter the information, it certainly cannot be trustworthy – one will always have to ask ‘what is missing?’.

Where is the certainty of identification? Short of an inserted microchip (a la puppy management), anyone could be carrying someone else’s phone.
My last job application was marred by the Medical Board reporting to my employer that I was subject to complaints – but they had mistaken which doctor with my name was responsible!
IF the erstwhile Medical Board can make that mistake, how many other mistakes of identity will follow in such a system? As the system is orders of magnitude bigger, so will the errors be much bigger.
When our children’s doctors get used to the mega systems, hopefully I will be gone, but I fear for my children.

Today I heard Dr Makeham and Minister Hunt both repeat the claim made in this article – that MHR has suffered no security breaches in the six years of its operation.

Yet the 2015/2016 and 2016/2017 (I didn’t look back any further) “Annual reports of the Australian Information Commissioner’s activities in relation to digital health” detail data breach notifications involving “the unauthorised access of a health recipient’s My Health Record by a third party”.

I haven’t examined the system yet in detail but note the comments above. Whilst it may appropriate for the patient to view their own record, it would not necessarily appropriate for the patient to be able to arbitrarily amend the record without an e-trail. Obviously, incorrect information should be able to be corrected but like any medical record, the process should be clear ie that the record has been amended or corrected or that a file has been deleted. In a paper record, this of course was by putting a line through the incorrect entry (ie not removing it, not using whiteout nor obliterating it etc), initialing the correction and writing an amended entry (with the date and time of the amendment). Similarly, the presence of any blocks to some users should be visible to all users.
Finally as a health professional, I have not received any information yet about using the system although my employer has requested that I advocate to patients on its benefits.
Presumably, all AHPRA registered Health professionals will now also have be registered as “organistions” including solo practitioners. It of courses, raises the issue that access to a record presumably comes within the umbrella of an organisation.

An important choice would be opting in. Being caught unawares and sneakily being opted in without giving any explicit consent is not choice, it is sheer arrogance at best. Shame on Dr Majeham for her Orwellian ‘newspeak’.

And yes, I will be an advocate for my patients interests – by pointing out the gross deficiencies in protecting the records against ‘legal’ misuse. I am not worried about hacking, I am worried about what the government allows already and might allow in the future. I certainly opted out, and so did the rest of my well informed family (4 of us doctors)

so, all are up in arms about all the real and also perceived issues with this system. my problem is that many GPs are still not fully computerised for patient visits, so how is that going to be overcome. yes, names are already managing to put wrong information, and babies/children do not exist according to My Health Record. security, if anybody says it cannot be hacked, they are either uneducated for the job they do, or trying to lie to the people. look at Sing Health, and I can tell you Singaporeans take security much more seriously than us in Australia – 1.5 million people’s info got raided.
if you think about it, if the system records the health practice not the individual, then all sorts of people could look up details during say, hospital admission of those who are famous, or friends. not the best way to secure these records.
then again, if you opt in, you have lost consent to not allow certain things to go in, as we have been told not to reconsent patients each time. the flip side of the coin – patients may remove things off the record; so be careful as you cannot assume they do not have an issue etc. back to taking the whole history again.
so in the end, we are not better off – I have opted out, knowing that if in say 3 years, the system issues are resolved, I can always ask for an opt in.

Why has it not been commonly mentioned that FIVE Government Departments (including the ATO) will have un-vetted
access to myhealth records ….. meaning they can check on anyone’s records whenever they wish without having to answer to anyone?